MDaemon Technologies Blog

A brief glance through my spam folder in MDaemon Webmail recently reminded me of the need for on-going education on the topic of phishing and Business Email Compromise (BEC) scams. I’d like to be able to tell you that the recent crush of cyberattacks on the healthcare sector, as exacerbated by the COVID-19 pandemic, has run its course – but then I’d be the one scamming. Looking through the latest Health IT Security monthly news archive turns up a long litany of phishing, ransomware, malware, spoofing, password theft and other data leaks, and server vulnerabilities that affect millions of patients and financial donors – and it’s not even the end of the month.

The COVID-19 pandemic has accelerated the adoption of cloud services across all industries, but particularly for healthcare providers. If your healthcare organization is considering moving your email from on-premise servers to the cloud, you must do your due diligence around significant security drawbacks that may overshadow the perceived benefits.

The COVID-19 pandemic has been a boon for bad actors across the digital landscape. In July, for instance, authorities in the U.S., U.K. and Canada all issued warnings about serious cyberattacks against healthcare organizations and others involved in the coronavirus response. The purpose of these attacks? Theft of intellectual property during the race to develop a vaccine. The tool of choice? Spear-phishing email attacks.

As long as healthcare organizations continue to use email, cybercriminals will find new ways to exploit security gaps, software bugs, and basic human nature to extort millions of dollars from their victims. In just the first six months of this year, Becker’s Hospital Review has noted more than 65 separate incidents of malware, ransomware and phishing attacks on healthcare providers, ranging from Alaska and Hawaii to Florida and Maine. These attacks affected more than 1.14 million patient records in just the cases that released statistics; the true number of those affected is much higher. While one-third of these attacks are specifically noted as being email-related, again, the true number is likely much higher.

The COVID-19 crisis has changed the way we approach data privacy and email security. The necessary and accelerated transition to working from home has been accompanied by a growing surge of Coronavirus-themed phishing scams and spoofed websites used to distribute malware or lure victims into providing confidential information.

The COVID-19 pandemic’s global spread has paved the way for threat actors to unleash the most widely-used cyber threat in recent memory. And healthcare entities are the most frequent target.

Staying informed of the latest data privacy regulations as they apply to healthcare can be challenging. Not only are there a plethora of different security and retention requirements, but the risk of failure is higher than in any other sector:

We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of cyber criminals trying to gain access to that data is also increasing. In fact, according to a report released last year by Osterman Research, 81% of organizations have been the victim of some type of data breach, targeted email attack, successful phishing attack or other cyber security incident during the previous 12 months. And with the surge of people working from home due to the COVID-19 pandemic, these numbers are only going to go up.

Most of our customers are small-to-medium businesses with limited IT budgets across a variety of industries – including healthcare, education, manufacturing, and government. Having a limited IT budget often means having limited staff available for troubleshooting email or tracking down messages, so when considering which email gateway/spam filter you want for your business, one of the main criteria to consider is how easy it is to find messages for your users. Users who are expecting business-critical messages need to know ASAP what happened if that message is not delivered. With Security Gateway, it’s easy to find out if a message was rejected, quarantined or delivered. If it was rejected or quarantined, color-coded transcripts make it easy to determine exactly why the message was not delivered.

Many businesses are responsible for maintaining large amounts of confidential data, including customer records, medical records, financial reports, legal documents, and much more. It’s very common for these types of information to be transmitted via email, especially as the Covid-19 pandemic has forced many businesses to embrace working from home. So how can you ensure confidential data transmitted via email is kept private? How can you ensure the integrity of transmitted data?